Users of computing devices have varying levels of cyber-security awareness, such that some users are more vulnerable than others to attacks.
In some cases, a corporation may wish to assess the security awareness of its employees, in order to better assess any risks to which the corporation is exposed.